[Figure labels: Securities Firm A (FX Trading Engine, Securities Accounting, Transformation); Customer B (Transformation, Order Management, Payment Gateway)]

Typical Technology Used
Customized adapter
Preagreed interface format standard
EDI translator

When to Use
Point-to-point exchange, tight integration
Limited number of trading partners
Relatively static data formats

Based on: Yee & Apte. Integrating Your e-Business Enterprise. SAMS, 2001.

[Figure labels: Customer B's Apps]
2. Transform data into XML using JAXP
3. Hash to generate DSIG
4. Send SOAP messages via JAXM
5. Transform data into XML using JAXP
6. Hash to decode/decrypt DSIG

Typical Technology Used
Standardized home-grown/customized adapter
Standardized interface format/API standard
EDI translator/EAI or middleware

When to Use
Strong urge for standard build
Point-to-point exchange, tight integration

[Figure labels: Gateway; SOAP-Gateway protocol binding; Customer B's Apps]
2. Transform data into XML using standard build API
3. Hash to generate DSIG
4. Send SOAP messages via SOAP-Gateway protocol binding
5. Transform data into XML using standard build API
6. Hash to decode/decrypt DSIG

Typical Technology Used
Synchronous/asynchronous database replication (push-pull)
Database/message centric applications
EAI/Messaging middleware (e.g., RV-TX JMS with JMS Bridge or JMS-SOAP)

When to Use
Highly centralized business applications
No geographical location constraints
Local spokes are for backup/performance benefits (e.g., faster access, MIS)

7. Publish transaction event

[Figure labels: North America Region; Asia Pacific Region; Europe Region]

Typical Technology Used
Synchronous/asynchronous database replication (push-push)
Database/Message centric applications
EAI/Messaging middleware (e.g., RV-TX JMS with JMS Bridge or JMS-SOAP)

When to Use
Highly distributed business applications with local control
Geographical location constraints
Partition different hubs for different products or transaction types, where replications are for back-up purpose

1. Publish application data for transformation

Typical Technology Used
EAI/Messaging middleware, e.g., Amtrix, Mercator
EDI Translator
JMS or non-JMS middleware

When to Use
Complicated data transformation or workflow
Multi-channel delivery support (e.g., email, fax, EDI)

[Figure labels: SunGard STN, XML, Exchange Gateway; Customer B: Exchange Gateway, XML, SAP FI, Siebel CRM, Oracle 9i]

Typical Technology Used
Vendor/off-the-shelf XML adapter
Preagreed XML standards/variants
XML Web Services

When to Use
Loosely coupled integration
Large number of trading partners
Multiple systems need to be integrated

Based on: Yee & Apte. Integrating Your e-Business Enterprise. SAMS, 2001.

4. Hash to generate DSIG
1 2. Acknowledge & confirm to sender using JAXM

[Figure labels: Securities Firm A; Get FX Quote Event; Initiate Order Event; Place Order Event; Execute Order Event]

Typical Technology Used
Customized workflow integration tools
Preagreed message formats/APIs

When to Use
Tightly coupled integration
Small number of trading partners
Strong business service integration needs

Based on: Yee & Apte. Integrating Your e-Business Enterprise. SAMS, 2001.

Typical Technology Used
Customized workflow integration tools
Preagreed message formats/APIs
"Shared" process integration tools for public events

When to Use
"Co-branded" business services
Tightly coupled process & technical integration
Small number of trading partners

Typical Technology Used
Hybrid integration methods
Pre-agreed message formats/APIs
XML Web Services
HTTP/S GET or POST

When to Use
Brokering similar services with a single front-end (service-provider neutral)
Loosely coupled process & technical integration
Large number of trading partners

Typical Technology Used
Hybrid integration methods
Preagreed message formats/APIs
XML Web Services
HTTP/S GET or POST

When to Use
Brokering lowest price of similar services with a single front-end (service-provider neutral)
Loosely coupled process & technical integration
Large number of trading partners
Price-sensitive & homogeneous products

Integration Patterns: When to Use, Benefits, Consideration

Application to Application
When to Use: Point-to-point exchange
Benefits: Tight integration
Consideration: Limited scalability

Standard Build
When to Use: Strong branding; strong urge to standardize
Benefits: Reduce deployment effort; standardized service -> faster deployment with no customization
Consideration: Consensus on standard builds

Hub-Spoke Replication, Federated Replication, Multi-step Application Integration
When to Use: Hub-spoke business model; intra-enterprise integration
Benefits: Flexible workflow integration; reliable and consistent multi-step application integration
Consideration: Inter-enterprise integration with many customization options

Data Exchange
When to Use: Large number of partners to integrate with heterogeneous platforms & standards
Benefits: Accommodating differences in standards/interfaces
Consideration: Emerging standards and technology

Closed Process Integration, Open Process Integration
When to Use: Shared business processes; workflow-oriented services
Benefits: Richer support for process integration; cohesive and tightly integrated services
Consideration: Complexity for partners to agree and implement

Service Consolidation-Broker Integration
When to Use: Single front-end for multiple Service Providers
Benefits: Added values and Service-Provider neutral
Consideration: Handling service failure of partners

Reverse Auction-Broker Integration

Integration Patterns; Standards; Examples

Application to Application
Customized adapters, EDI translator
Proprietary-

Standard Build
Proprietary
Proprietary

Hub-Spoke Replication
Federated
Multi-step Application Integration
EAI solutions, such [...] and TIBCO
JMS, SOAP-JMS binding

Data Exchange
XML Web Services
XML and SOAP, UDDI, WSDL
AIG, Visa Commerce

Closed Process Integration, Open Process Integration
EAI solutions or middleware, such as Sun ONE Integration Server
Web Services technology

Security Mechanism; Security Protection; Security Standards Specifications

Service Negotiation
Identity management; access control and policy management; Single Sign-on
Liberty-compliant Identity Server; access control for XML messages; Single Sign-on products
Identity management: Liberty LI, XML Key Management Specification (XKMS), WS-Federation
Entitlement: SAML, XACML, WS-Authorization
Policy: WS-Policy
Others: WS-SecureConversation, WS-Trust, WS-Privacy

Service Discovery
Service Registry security
UDDI Service Registry security features; protection for WSDL documents
UDDI, WSDL

Transaction
Messaging security
Data encryption
Key management and managing credentials
XML Encryption (XML-ENC)
XML Signature (XML-
WS-Security

Transport
Data transport security
128-bit SSL with HTTPS; protocol security for FTP, SMTP, and so forth
HTTPS
IPSec

Internet
Network
security
Leased line or router-level encryption; Virtual Private Network (VPN) gateways
system security
Penetration
Linux Operating System (OS) hardening; Windows OS hardening; Professional Penetration Testing

Cross-domain Single Sign-on (e.g., Liberty, SAML, etc.)

Security Technology or Standards
Security Requirements

Trust Domains
Key management
Host security hardening
Authentication, Confidentiality, Traceability, Non-repudiation

Authentication
Single Sign-on with SAML and Directory Server
Availability

Transactional security
XACML
Threat Profiling

Web Services objects-
Security hardening for UDDI configuration files and WSDLs
Availability

Hacker attack

Acquire a WSDL document and sniff for a copy of SOAP message from internal network

<message name="transferFundRequest">
  <part name="account1" type="xsd:string"/>
  <part name="account2" type="xsd:string"/>
</message>
<message name="transferFundResponse">
  <part name="Result" type="xsd:float"/>
</message>

SOAP messages sent in clear text over HTTP

[Figure: Man-in-the-Middle Attack. Labels: Web Service; Web Service Client; RPC Router; Web Service (Application 1); Web Service (Application 2); Proxy]

Modify SOAP message and post it to the service end-point URL

<transferFundRequest>
  <account1 name="Mr Good Guy" operation="debit"
    amount="230,000" currency="USD" number="320-2330-234"/>
  <account2 name="Mr Bad Guy" operation="credit"
    amount="230,000" currency="USD" number="822-1220-212"/>
</transferFundRequest>

Web Services Objects; Location; Remarks

Web Container
Remarks: In this example, this is Apache Tomcat 4.x.

User access control list
Location: D:\Dev\WSDP\conf\tomcat-users.xml
Remarks: This file contains the user names, user passwords, and roles that are allowed to access and execute resources under the Web Container.

Server configuration file
Location: D:\Dev\WSDP\conf\server.xml
Remarks: This file contains the server configuration (for example, port number) for running the Tomcat server.

Log Files

Web Container log files
Location: D:\Dev\WSDP\logs
Remarks: In this example, Tomcat log files are used. This directory contains log files for Tomcat server (Catalina.out), server administration log (localhost_admin_log*.log and access_log*.log and services_log*.log), as well as Service Registry log (xindice.log).

Developer tool log files
Location: D:\Dev\WSDP\logs\jwsdp_log*.log
Remarks: In this example, Java Web Services Developer Pack's log files are shown.

Service Registry update activity log file
Location: D:\Dev\WSDP\tools\xindice\logs\xindice.log
Remarks: In this example, the Xindice database activity log file is used.

Message Provider

ebXML message provider administration logs
Location: D:\Dev\WSDP\work\Services Engine\jaxm-provider\ebxml
Remarks: There are four subdirectories that contain the messages received, sent, to be dispatched, and to be sent. This denotes the physical location where the JAXM message provider will send or receive the messages with the reliable message delivery capability.

SOAP Remote Provider message provider administration logs
Location: D:\Dev\WSDP\work\Services Engine\jaxm-provider\soaprp
Remarks: There are four subdirectories that contain the messages received, sent, to be dispatched, and to be sent. This denotes the physical location where the SOAP remote message provider will send or receive the messages with the reliable message delivery capability.

Service Registry
Remarks: In Java Web Services Developer Pack, UDDI Service Registry is implemented using Xindice object database.

Service Registry files
Location: D:\Dev\WSDP\tools\xindice\db
Remarks: This file location contains the subdirectory 'system' for the object database system files and security information, and the subdirectory 'uddi' for the actual UDDI data store.

WSDL documents
Location: N/A
Remarks: In this demo environment, the WSDL documents are generated dynamically and are not stored in the Service Registry.

Tiers: Client; Presentation; Business; Integration; Resource

Application Platform Layer
User id and password are used for authentication.
Control Servlet uses HTML and JSP for presentation [illegible] JSPs can be cached to enhance performance.
Java beans are used to implement some of the business
The remote FX Quote Service is a black box, accessible via JAX-RPC.
N/A
N/A

Virtual Platform Layer
HTTP. HTTPS with SSL can be used for better security.
HTTP. HTTPS with SSL can be used for better security.
JAXM-TSIK Message Provider provides secure messaging transport for SOAP [illegible] over HTTP
JAX-RPC, JAXM are used to integrate different remote services.
JAXR is used to access the Service Registry.

Upper Platform Layer
In the future, 128-bit SSL can be used for better security
HTTP load balancing can be used for better scalability.
N/A
In the future, server clustering can be used for availability.
In the future, server clustering can be used for availability.

Lower Platform
Operating
security is provided with id and password.
N/A
N/A
N/A

Hardware Platform Layer
SSL accelerator can be added in the future for faster performance when using HTTPS.
Reliability and securability can be enhanced in the future with server hardening, firewall configuration, and hardware clustering.
Reliability and securability can be enhanced in the future with server hardening, firewall configuration, and hardware clustering.
N/A
Reliability and securability can be enhanced in the future with server hardening, firewall configuration, and hardware clustering.